DBus/QtDBus Concerns

Thomas Zander zander at kde.org
Thu Jul 13 10:31:34 BST 2006

On Thursday 13 July 2006 01:50, David Jarvie wrote:
> KAlarm and kalarmd need to interact via D-Bus. If some other
> application made certain D-Bus calls, alarms could be lost. 

Only if those applications were malicious. If you expect things to get 
lost due to bugs, I suggest you take a long look at the interaction you 
have via dbus since that may need some work ;)

> So it seems 
> a sensible precaution to check the sender (just as was done in KDE 3
> using DCOP).

Well, in this case I can see how someone might want to write a kalarm 
replacement in their own way. There are lots of things I can think about 
where this is usefull. For example one of the online TVGuide providers 
that have a Java swing client might want to add an alarm to kalarmd 
instead of inventing their own alarm daemon.

What you are suggesting is to close the alarms modification to one client 
only. I think this is fundamentally the wrong path to walk down.

If you are concerned with trojans that remove the alarms, then I don't 
know what to answer except that there are a lot easier way to corrupt the 
alarms. Simply killing the daemon might be one of them.

Thomas Zander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060713/18b1e19c/attachment.sig>

More information about the kde-core-devel mailing list